Accommodation and Food Services

  • Summary

    The Accommodation and Food Services industry is experiencing Hacking, Social and Malware attacks with close to equal frequency.


    69 incidents, 40 with confirmed data disclosure

    Top Patterns

    System Intrusion, Social Engineering and Basic Web Application Attacks represent 85% of breaches

    Threat Actors

    External (90%), Internal (10%) (breaches)

    Actor Motives

    Financial (86% - 100%), Espionage (0% - 14%) (breaches)

    Data compromised

    Personal (51%), Credentials (49%), Payment (33%), Other (15%) (breaches)

    Top IG1 Protective Controls

    Security Awareness and Skills Training (14), Access Control Management (6), Secure Configuration of Enterprise Assets and Software (4)

  • The Accommodation and Food Services Industry (NAICS 72) shows fewer breaches this year than in the past (92 last year). A logical explanation for this would be that due to the global conditions during the greater part of 2020, travel and dining out were significantly curtailed. That would result in fewer transactions, and by extension, less breaches. Nevertheless, 40 incidents are a statistically sufficient number for us to derive some conclusions. The most prevalent patterns in this industry were System Intrusion, Social Engineering and Basic Web Application Attacks, although there was almost nothing to tell them apart (Figure 97).

  • Figure
  • As pointed out elsewhere in this report, certain Action types have been clustered together to form the System Intrusion pattern. This includes Malware actions that would have previously been found in the Crimeware pattern. However, while the patterns may have changed, as you can see in Figure 98, the malware prevalent in this industry is of the Backdoor, C2, and Trojan varieties that we have witnessed in previous years.

    Direct installation by the attacker is by far the most common vector for the malware seen in this vertical. 

    With regard to data type, Credentials (49%), Personal (51%), and Payment (33%), all come in at or near the same number, and are again what one might expect as a result of the attack types mentioned above. Finally, while we must admit that our sample size is very small (n = 18), the Discovery method, when known, is (as it has been for many years) via a third party, 39%- 75%. Usually via notification by law enforcement or from a Common Point of Purchase audit, but in some cases by the threat actors themselves. We would love to see some positive change in Discovery methods for this industry, as it only stands to reason that the impact of a breach will likely be greater if you have to wait for someone outside of your organization to inform you.

  • Figure

Let's get started.